N.D.H.Vu

Reputation: 157

How to set scope when calling Microsoft Graph API?

I am currently learning how to use the Microsoft Graph API to do stuff on MS Teams in Java.

I tried the code below:

ClientSecretCredential _credential = new ClientSecretCredentialBuilder()
        .clientId(clientId)
        .clientSecret(secretValue)
        .tenantId(tenantId)
        .build();
TokenCredentialAuthProvider authProvider = new TokenCredentialAuthProvider(graphUserScopes, _credential);
GraphServiceClient<Request> _client = GraphServiceClient.builder()
        .authenticationProvider(authProvider)
        .buildClient();

ChatMessage chatMessage = new ChatMessage();
ItemBody body = new ItemBody();
body.content = message;
chatMessage.body = body;

_client.teams(teamId).channels(channelId).messages().buildRequest().post(chatMessage);

When I set "graphUserScopes" to "ChannelMessage.ReadWrite.All", I got this error:

[Correlation ID: 1dfc9400-2584-42ba-818b-230dd94e149c] Execution of class com.microsoft.aad.msal4j.AcquireTokenByClientCredentialSupplier failed.
com.microsoft.aad.msal4j.MsalServiceException: AADSTS1002012: The provided value for scope openid profile offline_access is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI).

When I set "graphUserScopes" to "https://graph.microsoft.com/.default", I got this error:

408Graph service exception
com.microsoft.graph.http.GraphServiceException: Error code: Forbidden
Error message: Missing role permissions on the request. API requires one of 'Teamwork.Migrate.All, ChannelMessage.ReadWrite.All'. Roles on the request ''.

I went to "https://portal.azure.com" to edit the API permissions and added "ChannelMessage.Send", but nothing changed. I tried adding "ChannelMessage.ReadWrite.All", but it said "admin consent" is needed.

What should I do?

UPDATE 2022/07/07: I have added the API permission in Azure, and now get a new issue:

com.microsoft.graph.http.GraphServiceException: Error code: PreconditionFailed
Error message: Requested API is not supported in application-only context

As I understand it, the ClientSecretCredential class only applies to "Application permission", and what I need is a class for "Delegated permission".

The issue is now different from the original, so I would like to ask the follow-up question in a new thread: "https://stackoverflow.com/questions/72897255/how-to-request-authorization-code-for-authorizationcodecredential"

Upvotes: 1

Views: 2899

Answers (1)

Theodor Peifer

Reputation: 3496

There is a "Grant admin consent for " button at the API permissions. If you are the admin, simply click that. If it was successful, the column "Status" should say "Granted for " for all permissions you added.

Upvotes: 1
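
An added example, not part of the question or the answer: one way to check whether admin consent took effect is to look inside the access token, since application permissions appear in its "roles" claim (the empty "Roles on the request ''" in the Forbidden error) while delegated permissions appear in "scp". The class name and the sample payloads are constructed for illustration, and the payload is decoded for inspection only, without validating the signature.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.*;

public class TokenClaimCheck {
    // Decode the payload segment of a JWT access token (diagnosis only, no signature check).
    static String payloadJson(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length < 2) throw new IllegalArgumentException("not a JWT");
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    // Application permissions arrive as a JSON array in the "roles" claim.
    static List<String> roles(String json) {
        List<String> out = new ArrayList<>();
        Matcher arr = Pattern.compile("\"roles\"\\s*:\\s*\\[(.*?)\\]").matcher(json);
        if (arr.find()) {
            Matcher item = Pattern.compile("\"([^\"]+)\"").matcher(arr.group(1));
            while (item.find()) out.add(item.group(1));
        }
        return out;
    }

    // Delegated permissions arrive as a space-separated string in the "scp" claim.
    static List<String> scopes(String json) {
        Matcher m = Pattern.compile("\"scp\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        return m.find() && !m.group(1).isEmpty() ? List.of(m.group(1).split(" ")) : List.of();
    }

    // Wrap a constructed payload in an unsigned sample token so the example runs offline.
    static String sampleToken(String payload) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8)) + "."
             + enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".sig";
    }

    public static void main(String[] args) {
        // Constructed payloads: app-only before consent, app-only after consent, delegated.
        String[] samples = {
            "{\"aud\":\"https://graph.microsoft.com\"}",
            "{\"aud\":\"https://graph.microsoft.com\",\"roles\":[\"ChannelMessage.ReadWrite.All\"]}",
            "{\"aud\":\"https://graph.microsoft.com\",\"scp\":\"ChannelMessage.Send User.Read\"}"
        };
        for (String p : samples) {
            String json = payloadJson(sampleToken(p));
            System.out.println("roles=" + roles(json) + " scp=" + scopes(json));
        }
    }
}
```

A token from the client credential flow that still shows an empty roles list after the permission was added means consent has not been granted for that application permission.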
